nimdokk has asked for the wisdom of the Perl Monks concerning the following question:

I've done a bit of searching here on this topic, but either I'm not asking myself the right question or I'm missing something. I have a script that accesses a Windows app via COM API. The app requires a connection that includes a user name/password to authenticate so you can access and do what you need to do. Currently, the user ID/password are hard coded into the script so anyone on my team who uses the script does the work as that user instead of their own account. I've initiated a request to our vendor to address this so that we can use something like the "currently logged on user" for our authentication via the COM API (this is functionality available in the GUI front-end but not apparently in the COM API objects we can access). Not sure when this will get done.
In the meantime, I'm revising things so that when a user runs the script, it will prompt them for their user ID and then password which would then be passed in to authenticate the connection. My question: is there a good/recommended way to prompt a user for a password and then hash it or do something so that the password is not kept in clear text but can be passed for authenticating the connection to the app? The audience on this functionality is extremely limited to myself and my two co-workers (no one else would be able to run and administer the application using these scripts).
I'm really not sure where to begin beyond setting the script up to prompt for user ID/password. Here is what I have at the moment:

One thought I had would be to make the connection right away and then change the value of $pass to some garbage (or set it to undef or something like that so it's no longer valid - it would only be needed once to make the connection - the code to make the connection has not been included in this sample). If there's something I can look at to figure out my issue, please let me know (I'm not looking for a specific answer - just some place I can go to find an answer - or suggestions). If possible, I'd like to avoid having to load additional modules (unless that is the best answer).
Thanks in advance

Notice the "Password?" prompt has no text next to it as the ReadMode(2) call turns off echo so you don't see the user typing their password. It does get saved to $pass however. But also notice the "Use of uninitialized ..." error after "CONNECT..." because we set $pass to 'undef' and then print it - just so you see it has been "erased" after using it to authenticate.

Are you concerned that people will be snooping the memory of the computer you are running the script on while you're running the script - and thus need the obfuscation of the $pass variable immediately?

What you’d really like to do is to have access to the COM interface controlled such that no one or no application can gain access to it at all without being authorized through the existing Windows (OpenDirectory / LDAP / etc.) authentication mechanisms.

The request itself might be accompanied by some random identification-token which is simply a calling-card. Some COM interfaces oblige you to send a hash of a userID/password combination (structured however the vendor requires) across the wire: the receiving computer knows what the correct hash-value should be, but no one who’s looking at the transmission has any idea.

Microsoft has some trustworthy interface abilities already built-in to their IIS server which do give you a way to find out about the user without having to ask him, and these can also be applied to the case of remote interfaces if the remote in question is intra-net.

As mentioned, I have put a flea in the vendor's ear to address this. I've also found that via the COM objects they have available, we cannot authenticate with a domain account (even though we can use the same domain account via the GUI) even with hardcoded user name/password. This is not a Perl problem, but missing functionality (especially if they recommend not exposing passwords when using their COM API).
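
The no-echo prompt discussed in this thread (ReadMode(2) to hide typing, then clearing $pass once the connection is made), as an added example that is not code from any poster. It assumes Term::ReadKey is installed (a CPAN module, not core Perl), and `connect_to_app` is a hypothetical stand-in for the vendor's COM connection call, which the thread does not show.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Term::ReadKey;    # CPAN module providing ReadMode() and ReadLine()

# Prompt on the console and read one line; echo is off when $hidden is true.
sub prompt {
    my ($label, $hidden) = @_;
    local $| = 1;                       # flush the prompt before blocking on input
    print "$label ";
    ReadMode(2) if $hidden;             # mode 2 = cooked input with echo off
    my $line = eval { ReadLine(0) };    # 0 = normal blocking read from STDIN
    my $err  = $@;
    ReadMode(0);                        # mode 0 = restore original terminal settings
    print "\n" if $hidden;              # the user's Enter key was not echoed
    die $err if $err;
    die "No input received for '$label'\n" unless defined $line;
    $line =~ s/\r?\n\z//;               # strip the line ending (LF or CRLF)
    return $line;
}

# Hypothetical stand-in for the vendor COM connection (assumption, not a real API).
# It reads $_[0] and $_[1] directly: @_ aliases the caller's variables, so the
# password is not copied into a second lexical inside this sub.
sub connect_to_app {
    return (length $_[0] && length $_[1]) ? 1 : 0;
}

# If the user hits Ctrl-C at the password prompt, do not leave echo disabled.
$SIG{INT} = sub { ReadMode(0); print "\n"; exit 1 };

my $user = prompt('User ID?',  0);
my $pass = prompt('Password?', 1);

my $ok = connect_to_app($user, $pass);

# Best effort only: overwrite the string, then release it. Perl gives no
# guarantee that no other copy of the value exists elsewhere in the process.
substr($pass, 0) = "\0" x length $pass;
undef $pass;

print $ok ? "Connected as $user\n" : "Connection failed\n";
exit($ok ? 0 : 1);
```

The password still has to reach the application in the form its API expects, so hashing it in the script only helps if the vendor's interface accepts that hash.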